I just landed a set of changes to improve our release process for cluster 3.
Here are the highlights:
- - tarballs will be released in both .gz and bz2 formats.
- - a Changelog-$VERSION will be available on the release area (same as
the one available in the announce emails).
- - a .sha256 file will also be available for each release to verify the
downloads.
- - for the more paranoid, the .sha256 file is signed with gpg (*).
As of today, we will _not_ update tarballs on the old
ftp://sources.redhat.com/pub/cluster/releases/
Please update your watchfiles to use:
https://fedorahosted.org/releases/c/l/cluster/
Cheers
Fabio
(*) In order to verify the release signature (example):
3) $ gpg --check-sigs 0x6CE95CA7
pub 4096R/6CE95CA7 2010-02-08
uid Cluster Release Team <cluster-devel@redhat.com>
sig!3 6CE95CA7 2010-02-08 Cluster Release Team
<cluster-devel@redhat.com>
sig! 63549F8E 2010-02-08 Fabio M. Di Nitto <fabbione@fabbione.net>
sig! 0B437A89 2010-02-08 Fabio M. Di Nitto <fabbione@fabbione.net>
sig! 4CF8CD0C 2010-02-08 Lon Hohberger <lhh@redhat.com>
The key will always carry only the UIDs of the release managers.
4) $ gpg --verify cluster-3.0.8.sha256.asc cluster-3.0.8.sha256
gpg: Signature made Tue Feb 16 12:37:42 2010 CET using RSA key ID 6CE95CA7
gpg: Good signature from "Cluster Release Team <cluster-devel@redhat.com>"
Generally, step 1 to 3 are required only for a first time setup.
Please always consult any extensive gpg how to for more information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Upcoming changes to cluster releases
